dd-trace 5.82.0 → 5.84.0

package/packages/datadog-plugin-undici/src/index.js

@@ -1,10 +1,313 @@
 'use strict'
 
-const FetchPlugin = require('../../datadog-plugin-fetch/src/index.js')
+const HttpClientPlugin = require('../../datadog-plugin-http/src/client')
+const { storage } = require('../../datadog-core')
+const tags = require('../../../ext/tags')
+const formats = require('../../../ext/formats')
+const HTTP_HEADERS = formats.HTTP_HEADERS
+const log = require('../../dd-trace/src/log')
+const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 
-class UndiciPlugin extends FetchPlugin {
+const {
+  HTTP_STATUS_CODE,
+  HTTP_REQUEST_HEADERS,
+  HTTP_RESPONSE_HEADERS,
+} = tags
+
+// WeakMap to store span context for native undici request objects
+const requestContexts = new WeakMap()
+
+class UndiciPlugin extends HttpClientPlugin {
   static id = 'undici'
   static prefix = 'tracing:apm:undici:fetch'
+
+  constructor (...args) {
+    super(...args)
+
+    // Subscribe to native undici diagnostic channels for undici >= 4.7.0
+    // These channels fire for ALL undici requests (fetch, request, stream, etc.)
+    this.addSub('undici:request:create', this.#onNativeRequestCreate.bind(this))
+    this.addSub('undici:request:headers', this.#onNativeRequestHeaders.bind(this))
+    this.addSub('undici:request:trailers', this.#onNativeRequestTrailers.bind(this))
+    this.addSub('undici:request:error', this.#onNativeRequestError.bind(this))
+  }
+
+  // ===========================================
+  // Native undici diagnostic channel handlers
+  // These fire for undici >= 4.7.0 for ALL request types (fetch, request, stream, etc.)
+  // ===========================================
+
+  #onNativeRequestCreate ({ request }) {
+    if (!request) return
+
+    const store = storage('legacy').getStore()
+    const { origin = '', path = '/' } = request
+    const method = request.method?.toUpperCase() ?? 'GET'
+
+    // Parse origin to extract protocol, hostname, port
+    let protocol = 'http:'
+    let hostname = 'localhost'
+    let port = ''
+
+    try {
+      const url = new URL(origin)
+      protocol = url.protocol
+      hostname = url.hostname
+      port = url.port
+    } catch {
+      // If origin is not a valid URL, use defaults
+    }
+
+    const host = port ? `${hostname}:${port}` : hostname
+    const pathname = path.split(/[?#]/)[0]
+    const uri = `${protocol}//${host}${pathname}`
+
+    const allowed = this.config.filter(uri)
+    const childOf = store && allowed ? store.span : null
+
+    const span = this.startSpan(this.operationName(), {
+      childOf,
+      meta: {
+        'span.kind': 'client',
+        'http.method': method,
+        'http.url': uri,
+        'out.host': hostname
+      },
+      metrics: {
+        [CLIENT_PORT_KEY]: port ? Number.parseInt(port, 10) : undefined
+      },
+      service: this.serviceName({ pluginConfig: this.config, sessionDetails: { host: hostname, port } }),
+      resource: method,
+      type: 'http'
+    }, false)
+
+    // Disable recording if not allowed
+    if (!allowed) {
+      span._spanContext._trace.record = false
+    }
+
+    // Capture request headers if configured
+    if (request.headers && this.config.headers) {
+      addConfiguredHeaders(span, request.headers, this.config.headers, HTTP_REQUEST_HEADERS)
+    }
+
+    // Inject trace headers if propagation is allowed
+    if (this.config.propagationFilter(uri)) {
+      const headers = {}
+      this.tracer.inject(span, HTTP_HEADERS, headers)
+
+      // Use addHeader if available (undici provides this on the request object)
+      if (typeof request.addHeader === 'function') {
+        for (const [name, value] of Object.entries(headers)) {
+          request.addHeader(name, value)
+        }
+      }
+    }
+
+    // Store span context for request for later retrieval
+    requestContexts.set(request, {
+      span,
+      store,
+      uri
+    })
+
+    // Enter the span context
+    storage('legacy').enterWith({ ...store, span })
+  }
+
+  #onNativeRequestHeaders ({ request, response }) {
+    const ctx = requestContexts.get(request)
+    if (!ctx) return
+
+    const { span } = ctx
+    const statusCode = response?.statusCode
+
+    if (statusCode) {
+      span.setTag(HTTP_STATUS_CODE, statusCode)
+
+      if (!this.config.validateStatus(statusCode)) {
+        span.setTag('error', 1)
+      }
+    }
+
+    // Add response headers if configured
+    if (response?.headers && this.config.headers) {
+      addConfiguredHeaders(span, response.headers, this.config.headers, HTTP_RESPONSE_HEADERS)
+    }
+  }
+
+  #onNativeRequestTrailers ({ request }) {
+    const ctx = requestContexts.get(request)
+    if (!ctx) return
+
+    const { span, store } = ctx
+
+    // Call the request hook if configured
+    this.config.hooks.request(span, null, null)
+
+    // Finish the span
+    span.finish()
+
+    // Clean up
+    requestContexts.delete(request)
+
+    // Restore parent store
+    if (store) {
+      storage('legacy').enterWith(store)
+    }
+  }
+
+  #onNativeRequestError ({ request, error }) {
+    const ctx = requestContexts.get(request)
+    if (!ctx) return
+
+    const { span, store } = ctx
+
+    // Don't record AbortError as an error - it's user-initiated cancellation
+    if (error && error.name !== 'AbortError') {
+      span.setTag('error', error)
+    }
+
+    // Call the request hook if configured
+    this.config.hooks.request(span, null, null)
+
+    // Finish the span
+    span.finish()
+
+    // Clean up
+    requestContexts.delete(request)
+
+    // Restore parent store
+    if (store) {
+      storage('legacy').enterWith(store)
+    }
+  }
+
+  // ===========================================
+  // Fetch-based tracing channel handlers
+  // These handle fetch() for undici < 4.7.0 (before native DC was added)
+  // ===========================================
+
+  bindStart (ctx) {
+    const req = ctx.req
+    const options = new URL(req.url)
+    options.headers = Object.fromEntries(req.headers.entries())
+    options.method = req.method
+
+    ctx.args = { options }
+
+    const store = super.bindStart(ctx)
+
+    // Inject trace headers back into the request
+    for (const name of Object.keys(options.headers)) {
+      if (!req.headers.has(name)) {
+        req.headers.set(name, options.headers[name])
+      }
+    }
+
+    return store
+  }
+
+  error (ctx) {
+    // Don't record AbortError as an error - it's user-initiated cancellation
+    if (!ctx.error || ctx.error.name !== 'AbortError') {
+      return super.error(ctx)
+    }
+  }
+
+  asyncEnd (ctx) {
+    ctx.res = ctx.result
+    return this.finish(ctx)
+  }
+
+  configure (config) {
+    return super.configure(normalizeConfig(config))
+  }
+}
+
+// Add configured headers to span with appropriate tags
+function addConfiguredHeaders (span, rawHeaders, configuredHeaders, headerType) {
+  const headers = normalizeHeaders(rawHeaders)
+
+  for (const [key, tag] of configuredHeaders) {
+    const value = headers[key]
+    if (value) {
+      span.setTag(tag || `${headerType}.${key}`, value)
+    }
+  }
 }
 
+// Normalize headers to an object, handling different undici formats:
+// - Array format: alternating key-value pairs (undici >= 6.0.0)
+// - String format: HTTP header lines like "key: value\r\n" (undici 5.x)
+// - Object format: already a headers object
+function normalizeHeaders (headers) {
+  if (!headers) return {}
+
+  // String format (undici 5.x): "key: value\r\nkey2: value2\r\n"
+  if (typeof headers === 'string') {
+    const result = {}
+    const lines = headers.split('\r\n')
+    for (const line of lines) {
+      if (!line) continue
+      const colonIndex = line.indexOf(':')
+      if (colonIndex > 0) {
+        const key = line.slice(0, colonIndex).toLowerCase().trim()
+        const value = line.slice(colonIndex + 1).trim()
+        result[key] = value
+      }
+    }
+    return result
+  }
+
+  // Array format (undici >= 6.0.0): alternating key-value pairs
+  if (Array.isArray(headers)) {
+    const result = {}
+    for (let i = 0; i < headers.length; i += 2) {
+      const key = headers[i]
+      if (typeof key === 'string') {
+        result[key.toLowerCase()] = headers[i + 1]
+      } else if (Buffer.isBuffer(key)) {
+        result[key.toString().toLowerCase()] = headers[i + 1]?.toString?.() || headers[i + 1]
+      }
+    }
+    return result
+  }
+
+  // Object format: use as-is
+  return headers
+}
+
+function normalizeConfig (config) {
+  const validateStatus = getStatusValidator(config)
+  const hooks = getHooks(config)
+
+  return {
+    ...config,
+    validateStatus,
+    hooks
+  }
+}
+
+function getStatusValidator (config) {
+  if (typeof config.validateStatus === 'function') {
+    return config.validateStatus
+  } else if (Object.hasOwn(config, 'validateStatus')) {
+    log.error('Expected `validateStatus` to be a function.')
+  }
+  return defaultValidateStatus
+}
+
+function defaultValidateStatus (code) {
+  return code < 400 || code >= 500
+}
+
+function getHooks (config) {
+  const request = config.hooks?.request ?? noop
+
+  return { request }
+}
+
+function noop () {}
+
 module.exports = UndiciPlugin

package/packages/datadog-plugin-vitest/src/index.js

@@ -2,7 +2,7 @@
 
 const CiPlugin = require('../../dd-trace/src/plugins/ci_plugin')
 const { storage } = require('../../datadog-core')
-const { getEnvironmentVariable } = require('../../dd-trace/src/config-helper')
+const { getValueFromEnvSources } = require('../../dd-trace/src/config/helper')
 
 const {
   TEST_STATUS,
@@ -281,11 +281,11 @@ class VitestPlugin extends CiPlugin {
     this.addBind('ci:vitest:test-suite:start', (ctx) => {
       const { testSuiteAbsolutePath, frameworkVersion } = ctx
 
-      this.command = getEnvironmentVariable('DD_CIVISIBILITY_TEST_COMMAND')
+      this.command = getValueFromEnvSources('DD_CIVISIBILITY_TEST_COMMAND')
       this.frameworkVersion = frameworkVersion
       const testSessionSpanContext = this.tracer.extract('text_map', {
-        'x-datadog-trace-id': getEnvironmentVariable('DD_CIVISIBILITY_TEST_SESSION_ID'),
-        'x-datadog-parent-id': getEnvironmentVariable('DD_CIVISIBILITY_TEST_MODULE_ID')
+        'x-datadog-trace-id': getValueFromEnvSources('DD_CIVISIBILITY_TEST_SESSION_ID'),
+        'x-datadog-parent-id': getValueFromEnvSources('DD_CIVISIBILITY_TEST_MODULE_ID')
       })
 
       const trimmedCommand = DD_MAJOR < 6 ? this.command : 'vitest run'
@@ -405,7 +405,7 @@ class VitestPlugin extends CiPlugin {
       finishAllTraceSpans(this.testSessionSpan)
       this.telemetry.count(TELEMETRY_TEST_SESSION, {
         provider: this.ciProviderName,
-        autoInjected: !!getEnvironmentVariable('DD_CIVISIBILITY_AUTO_INSTRUMENTATION_PROVIDER')
+        autoInjected: !!getValueFromEnvSources('DD_CIVISIBILITY_AUTO_INSTRUMENTATION_PROVIDER')
       })
       this.tracer._exporter.flush(onFinish)
     })

package/packages/datadog-shimmer/src/shimmer.js

@@ -76,11 +76,8 @@ function wrapFunction (original, wrapper) {
   if (typeof original !== 'function') return original
 
   const wrapped = wrapper(original)
-
-  if (typeof original === 'function') {
-    assertNotClass(original)
-    copyProperties(original, wrapped)
-  }
+  assertNotClass(original)
+  copyProperties(original, wrapped)
 
   return wrapped
 }

package/packages/dd-trace/index.js

@@ -10,6 +10,25 @@ if (!global._ddtrace) {
     writable: true
   })
 
+  const ddTraceSymbol = Symbol.for('dd-trace')
+
+  Object.defineProperty(globalThis, ddTraceSymbol, {
+    value: {
+      beforeExitHandlers: new Set(),
+    },
+    enumerable: false,
+    configurable: true, // Allow this to be overridden by loading the tracer
+    writable: false
+  })
+
+  process.once('beforeExit', function mainBeforeExit () {
+    if (globalThis[ddTraceSymbol]?.beforeExitHandlers) {
+      for (const handler of globalThis[ddTraceSymbol].beforeExitHandlers) {
+        handler()
+      }
+    }
+  })
+
   global._ddtrace.default = global._ddtrace
   global._ddtrace.tracer = global._ddtrace
 }

package/packages/dd-trace/src/agent/info.js

@@ -0,0 +1,57 @@
+'use strict'
+
+const request = require('../exporters/common/request')
+
+const CACHE_TTL_MS = 60_000 // 1 minute
+
+let cachedUrl = null
+let cachedData = null
+let cachedTimestamp = 0
+
+module.exports = {
+  fetchAgentInfo,
+  clearCache // For testing purposes only
+}
+
+/**
+ * Fetches agent information from the /info endpoint
+ * @param {URL} url - The agent URL
+ * @param {Function} callback - Callback function with signature (err, agentInfo)
+ */
+function fetchAgentInfo (url, callback) {
+  const urlKey = url.href
+
+  if (cachedUrl !== null && cachedUrl !== urlKey) {
+    // Clear cache if URL changes
+    clearCache()
+  } else if (cachedData !== null && (Date.now() - cachedTimestamp) < CACHE_TTL_MS) {
+    // Return cached result if still valid
+    return process.nextTick(callback, null, cachedData)
+  }
+
+  request('', {
+    path: '/info',
+    url
+  }, (err, res) => {
+    if (err) {
+      return callback(err)
+    }
+
+    try {
+      cachedData = JSON.parse(res)
+    } catch (e) {
+      return callback(e)
+    }
+
+    cachedUrl = urlKey
+    cachedTimestamp = Date.now()
+
+    callback(null, cachedData)
+  })
+}
+
+function clearCache () {
+  cachedUrl = null
+  cachedData = null
+  cachedTimestamp = 0
+}

package/packages/dd-trace/src/agent/url.js

@@ -0,0 +1,28 @@
+'use strict'
+
+const { URL, format } = require('url')
+const defaults = require('../config/defaults')
+
+module.exports = { getAgentUrl }
+
+// TODO: Investigate merging with the getAgentUrl function in config/index.js which has
+// additional logic for unix socket auto-detection on Linux. The config version is only used
+// during config initialization, while this one is used throughout the codebase. Consider if
+// the unix socket detection should be part of this general helper or remain config-specific.
+
+/**
+ * Gets the agent URL from config, constructing it from hostname/port if needed
+ * @param {ReturnType<import('../config')>} config - Tracer configuration object
+ * @returns {URL} The agent URL
+ */
+function getAgentUrl (config) {
+  const { url, hostname, port } = config
+  if (url) {
+    return url instanceof URL ? url : new URL(url)
+  }
+  return new URL(format({
+    protocol: 'http:',
+    hostname: hostname || defaults.hostname,
+    port: port || defaults.port
+  }))
+}

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js

@@ -12,7 +12,7 @@ const { getName } = require('../telemetry/verbosity')
 const telemetry = require('../telemetry')
 const log = require('../../../log')
 const orchestrionConfig = require('../../../../../datadog-instrumentations/src/orchestrion-config')
-const { getEnvironmentVariable } = require('../../../config-helper')
+const { getEnvironmentVariable } = require('../../../config/helper')
 const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
 const { incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
 const { csiMethods } = require('./csi-methods')

package/packages/dd-trace/src/appsec/index.js

@@ -104,6 +104,8 @@ function enable (_config) {
   }
 }
 
+const analyzedBodies = new WeakSet()
+
 function onRequestBodyParsed ({ req, res, body, abortController }) {
   if (body === undefined || body === null) return
 
@@ -120,6 +122,12 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
     storedBodies.set(req, body)
   }
 
+  // eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
+  if (typeof body === 'object') {
+    if (isEmptyObject(body)) return
+    analyzedBodies.add(body)
+  }
+
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_BODY]: body
@@ -129,12 +137,17 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   handleResults(results?.actions, req, res, rootSpan, abortController)
 }
 
+const analyzedCookies = new WeakSet()
+
 function onRequestCookieParser ({ req, res, abortController, cookies }) {
   if (!cookies || typeof cookies !== 'object') return
 
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
+  if (isEmptyObject(cookies)) return
+  analyzedCookies.add(cookies)
+
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_COOKIES]: cookies
@@ -178,19 +191,34 @@ function incomingHttpEndTranslator ({ req, res }) {
   const persistent = {}
 
   // we need to keep this to support other body parsers
-  // TODO: no need to analyze it if it was already done by the body-parser hook
   if (req.body !== undefined && req.body !== null) {
-    persistent[addresses.HTTP_INCOMING_BODY] = req.body
+    // eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
+    if (typeof req.body === 'object') {
+      if (!isEmptyObject(req.body) && !analyzedBodies.has(req.body)) {
+        persistent[addresses.HTTP_INCOMING_BODY] = req.body
+      }
+    } else {
+      persistent[addresses.HTTP_INCOMING_BODY] = req.body
+    }
   }
 
   // we need to keep this to support other cookie parsers
-  if (req.cookies !== null && typeof req.cookies === 'object') {
+  if (
+    req.cookies !== null &&
+    typeof req.cookies === 'object' &&
+    !isEmptyObject(req.cookies) &&
+    !analyzedCookies.has(req.cookies)
+  ) {
     persistent[addresses.HTTP_INCOMING_COOKIES] = req.cookies
   }
 
   // we need to keep this to support nextjs
   const query = req.query
-  if (query !== null && typeof query === 'object') {
+  if (
+    query !== null &&
+    typeof query === 'object' &&
+    !isEmptyObject(query)
+  ) {
     persistent[addresses.HTTP_INCOMING_QUERY] = query
   }
 
@@ -198,7 +226,7 @@ function incomingHttpEndTranslator ({ req, res }) {
     persistent[addresses.WAF_CONTEXT_PROCESSOR] = { 'extract-schema': true }
   }
 
-  if (Object.keys(persistent).length) {
+  if (!isEmptyObject(persistent)) {
     waf.run({ persistent }, req)
   }
 
@@ -273,6 +301,8 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
+  if (isEmptyObject(query)) return
+
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_QUERY]: query
@@ -286,7 +316,7 @@ function onRequestProcessParams ({ req, res, abortController, params }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (!params || typeof params !== 'object' || !Object.keys(params).length) return
+  if (!params || typeof params !== 'object' || isEmptyObject(params)) return
 
   const results = waf.run({
     persistent: {
@@ -310,7 +340,7 @@ function onResponseBody ({ req, res, body }) {
 }
 
 function onResponseWriteHead ({ req, res, abortController, statusCode, responseHeaders }) {
-  if (Object.keys(responseHeaders).length) {
+  if (!isEmptyObject(responseHeaders)) {
     storedResponseHeaders.set(req, responseHeaders)
   }
 
@@ -401,6 +431,16 @@ function disable () {
   if (responseSetHeader.hasSubscribers) responseSetHeader.unsubscribe(onResponseSetHeader)
 }
 
+// this is faster than Object.keys().length === 0
+function isEmptyObject (obj) {
+  // eslint-disable-next-line no-unreachable-loop
+  for (const _ in obj) {
+    return false
+  }
+
+  return true
+}
+
 module.exports = {
   enable,
   disable,

package/packages/dd-trace/src/appsec/rasp/index.js

@@ -73,16 +73,14 @@ function handleUncaughtExceptionMonitor (error) {
     }
   } else {
     const cleanUp = removeAllListeners(process, 'uncaughtException')
-    const handler = () => {
-      process.removeListener('uncaughtException', handler)
-    }
+    const handler = () => {}
 
     setTimeout(() => {
       process.removeListener('uncaughtException', handler)
       cleanUp()
     })
 
-    process.on('uncaughtException', handler)
+    process.once('uncaughtException', handler)
   }
 }
 

package/packages/dd-trace/src/azure_metadata.js

@@ -3,7 +3,11 @@
 // Modeled after https://github.com/DataDog/libdatadog/blob/f3994857a59bb5679a65967138c5a3aec418a65f/ddcommon/src/azure_app_services.rs
 
 const os = require('os')
-const { getEnvironmentVariable, getEnvironmentVariables } = require('../../dd-trace/src/config-helper')
+const {
+  getEnvironmentVariable,
+  getEnvironmentVariables,
+  getValueFromEnvSources
+} = require('./config/helper')
 const { getIsAzureFunction, getIsFlexConsumptionAzureFunction } = require('./serverless')
 
 function extractSubscriptionID (ownerName) {
@@ -37,8 +41,6 @@ function trimObject (obj) {
 function buildMetadata () {
   const {
     COMPUTERNAME,
-    DD_AAS_DOTNET_EXTENSION_VERSION,
-    DD_AZURE_RESOURCE_GROUP,
     FUNCTIONS_EXTENSION_VERSION,
     FUNCTIONS_WORKER_RUNTIME,
     FUNCTIONS_WORKER_RUNTIME_VERSION,
@@ -49,6 +51,9 @@ function buildMetadata () {
     WEBSITE_SITE_NAME
   } = getEnvironmentVariables()
 
+  const DD_AAS_DOTNET_EXTENSION_VERSION = getValueFromEnvSources('DD_AAS_DOTNET_EXTENSION_VERSION')
+  const DD_AZURE_RESOURCE_GROUP = getValueFromEnvSources('DD_AZURE_RESOURCE_GROUP')
+
   const subscriptionID = extractSubscriptionID(WEBSITE_OWNER_NAME)
 
   const siteName = WEBSITE_SITE_NAME